Re: [lamps] Interest to standardize PKI REST APIs?
Tomas Gustavsson <tomas.gustavsson@primekey.com> Sun, 09 June 2019 16:43 UTC
Return-Path: <tomas.gustavsson@primekey.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 76AF21200B1 for <spasm@ietfa.amsl.com>; Sun, 9 Jun 2019 09:43:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=primekey.com header.b=cmSPPA1J; dkim=pass (1024-bit key) header.d=primekey.com header.b=LdAQd7F2
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GqTHpUD5bDD4 for <spasm@ietfa.amsl.com>; Sun, 9 Jun 2019 09:43:34 -0700 (PDT)
Received: from mail.primekey.com (mail.primekey.com [84.55.121.163]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AA45A12008F for <spasm@ietf.org>; Sun, 9 Jun 2019 09:43:33 -0700 (PDT)
Received: from mail.primekey.com (localhost [127.0.0.1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.primekey.com (Postfix) with ESMTPS id 0E82F6AA0090 for <spasm@ietf.org>; Sun, 9 Jun 2019 18:43:26 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=primekey.com; s=mail; t=1560098606; bh=8udNaSmQgLRG32bq0gXeQLolkn+yhQQUaGBTcFWMeAY=; h=Subject:To:References:From:Date:In-Reply-To:From; b=cmSPPA1Jof6I5uD1gTJoeSF/rDIyjgnmsT7GCvFbIdcj8cKF3bM3i/leOXmtszo3s doKzTdHsErKW51x/9PZPCkm35+EKeLqEsi9uDxru30/xNjpAfAAO/no/0w6O3IBUEn d8Hm2AlJtIUrAYTEcZq3c9tQs3v1fo4EjuvKmQb0=
Received: from [192.168.43.22] (c-5eea2274-74736162.cust.telenor.se [94.234.34.116]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.primekey.com (Postfix) with ESMTPSA id B172A6AA0088 for <spasm@ietf.org>; Sun, 9 Jun 2019 18:43:24 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=primekey.com; s=mail; t=1560098605; bh=8udNaSmQgLRG32bq0gXeQLolkn+yhQQUaGBTcFWMeAY=; h=Subject:To:References:From:Date:In-Reply-To:From; b=LdAQd7F2fYpbpK2YQeJYRxp1B9n2td9flvsFXzPqt9e/sSD8k5126rAyLxoOzdLBt XcPiFvrlBi3kjO+w62+4IVwAJd3HTxGy4EOj8LvW+vCdgEH8dyacxBlIVl+u9pfk8N wN7lzH2mgNGtGlkQNiIKCZuyKg9R3jcx2MBBUA2Y=
To: spasm@ietf.org
References: <AM0PR10MB24028210BCE560C64195A74EFE320@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM> <AM0PR10MB2402B5BB06E4FB59A8ECB16BFE060@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM> <AM0PR10MB2402C7C1AAA09EABF047F0CEFE1D0@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM> <29FAEBF1-2D67-469F-BE78-AF58F78D055E@vigilsec.com> <BN7PR11MB2547D526E00CE7C5DDCDB3E9C91E0@BN7PR11MB2547.namprd11.prod.outlook.com> <17374.1559083024@localhost> <HE1PR0701MB24447D45A6A7461DEC49FE7B9B1F0@HE1PR0701MB2444.eurprd07.prod.outlook.com> <12129.1559329924@localhost> <7f83213b-2e63-57f5-5a1a-956d47b58683@primekey.com> <AM0PR10MB2402726EDDA7074FEDFF917DFE100@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM> <6992.1559937612@localhost>
From: Tomas Gustavsson <tomas.gustavsson@primekey.com>
Openpgp: preference=signencrypt
Autocrypt: addr=tomas.gustavsson@primekey.com; prefer-encrypt=mutual; keydata= mQENBEyuwwYBCAD31Jsxn1lf7rnFc7y3Ol+TE7pU7ohO78kMdoVrZdAMnU9W0P33GedbU+kF 8/RFq7HlXV8a91RkgtdcMAK8tSdtBKDGZCOJZm5qOZ/EHikY8k/7s1wgSQSF4hYSG/IABCCA W139joDFl4L3buWyk2lsYX1HDBpuXGDL5HFyu165T0ZVlt23T04xmAwpIHUViKUWw1QYnlRz s66Desn2WeP+X8/QlqF1zOTUXbgrThB1X/Oh2+wzP08HVoTQCzlrEMeb9x2k+oa8PtVdnflh nZKBtyyBkZxRoHG3tNKcaf7JLoadSXcSKSKvfApcsxpP2JpkQgIhLi3JWik/Z+RR2WD1ABEB AAG0MFRvbWFzIEd1c3RhdnNzb24gPHRvbWFzLmd1c3RhdnNzb25AcHJpbWVrZXkuY29tPokB NwQTAQgAIQUCWX8yTAIbIwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRBibcSbAEP+QGAU CAC82dn8XCQ8Ei7gxQAdRSc2imaP/388i/ObDMYhNhg5j4gXs3tkfxuCvhwkzskUFgOtmaEy uz/gIiVjQIsjQrHh5tl9M0q2tqbDHJpWfE6/SkXPUmTqQ0VGyq1MmZ3/zg2jSoll74qBSfdH V7sWugRXeCBxfaPeYo8DdPCGi27yrdL8zb3xkJ3BxPcDGNdkLm+Yza+qAOrssCD7MSLN+6Sd ML5Xcmw6pgRPlQ0aCsM7scrwgBNb7KrwxaqBxqwcuqF0NMgNjeiEHi2Oj3HOZdYU4Blk2GFq 9zHuCzTWumgNOlfksZ9K3ZMJBn6KLPot5bVXIKdnHwWRzoKMDxkSZjM5uQENBEyuwwYBCADZ 98eCFQ64zKo1OKkUgEJHO1JdsiqRO1znu6KyaTcd2vXfOCGkFFVBL+vjzzyyYV7Sg1/AaG4r l9TKJCwvx8mUmTJkKQspTfOj6AY33bmfMB/8LBYj2BjtxXyMucPjNTJqbL2r1HeGPV2nwyof MAyo2qcYuiLs20Ob7U8vooOV3GDDKEkXtJYZzTEU6qabGsepGIvMu770OZwvm4akQiCGe5sQ 4+/UH1pMZQNi+/fGbONFx+TUVMM8EkXD6dQ5WoL+xPabPjqiUmR7EBvg0uocr70Ag93tWk1d 4RgFcicjwMFcPg4TZ8Y/3Y7Nmbyo14+4SMNfNPFLgQMawL+cLLkdABEBAAGJAR8EGAECAAkC GwwFAlYXhXUACgkQYm3EmwBD/kA2igf/QNpPe7sLt3KdRD3x4cStxGjLCWyj7x1YLVnV4Nnu TvaNhC+KHx3uG39y1x3PJQwslpeSQ6JipOUmxeQjjGJGQZLV41L1PCJVhCL98Dinr6dJkYB7 cAVhfmW8PI51jiANExLZu8U5gnthj5CGv4428ODQgSoRI0demG3HmVCNrKdap+orhT8zRkq8 DuHTO01U7PKsfvQ2k8AqSAC/JjMOs1mpFe032IApXxlZkE+33Q3dE5BiJmICYg8hsRXvpKTm ZMCdNZJUQLq+XNpg6RtAPQIPMmCepXrE9M/KuH+jFS2G5+Hx5VBSM644E1G2i+HOPCVdHjof iaNi3V/ItEG3jw==
Message-ID: <83b511c0-4047-9431-196b-9b4028ee726d@primekey.com>
Date: Sun, 09 Jun 2019 18:43:26 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1
MIME-Version: 1.0
In-Reply-To: <6992.1559937612@localhost>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/_upm457Kic-2Q2-DfWLYy1vOk90>
Subject: Re: [lamps] Interest to standardize PKI REST APIs?
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 09 Jun 2019 16:43:36 -0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 2019-06-07 22:00, Michael Richardson wrote: > > Brockhaus, Hendrik <hendrik.brockhaus@siemens.com> wrote: >> I think we need to first collect the required certificate >> management use cases and check if they are addressed by existing >> protocols. > > I don't want to do that. It's boiling the ocean. > > I'm okay with making a list of RESTful APIs (proprietary ones, most > of them have public specifications though), if only so that we know > who to invite. > >> Then I see two approaches: - Develop a new certificate management >> protocol using standard functionality of REST frameworks and >> learn from or even copy parts from existing protocols. > > sure, but: > https://www.explainxkcd.com/wiki/index.php/927:_Standards > >> - Take an existing certificate management protocol, e.g. CMP, >> adapt the transport to REST APIs and adapt the transaction >> concept slightly to allow a state-less server. > > I think that this is what we should do. Thanks for the answers. The current protocol that is most "REST-like" imho is EST, if not using the "fullcmc" functionality. You can maneuver it with openssl and curl for the simple methods. Some often required functions are missing, most notable revocation. > >> As already said, I dislike to develop further certificate >> management protocols. I think there are enough around already. >> Therefor I would prefer the second approach. But finally the >> solution must be acceptable to the target audience of developers >> asking for REST APIs for certificate management. > > Good, we agree :-) > > -- Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software > Works -= IPv6 IoT consulting =- > > > _______________________________________________ Spasm mailing list > Spasm@ietf.org https://www.ietf.org/mailman/listinfo/spasm > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJc/TcqAAoJEGJtxJsAQ/5APu8H/i7mNEQ/GXMTiryQvKF+dB3q HXqJyys1TPTgQ2FVEM25+CuG9J6WVrA89JsGbavs4epe7okdepRuImSYweB7DbTL 99V+IGnD9RHEfxtp1yGUOJU0DgBixy0Rp0vd6PDqQU62SMJ3tgtSbtI5B7YEdD0T 0aLJTSPAHzK38OCpIJJMJTs/gqSXogHwPPNiTZAncE4EXjiVMBEWaRSQJnO1mW6D vN7nnDtM2pDuAkTtkqxfO2rBd88a+N7eZiEUtl9RRDOOpLiyrrTqPkqUhIUp6fpx JqeupufpVPfuJYK9owFUmEm0ooL+Y3RgAZWPBbU8+D6D/kVlUcvYezGtROJCXV4= =6QPi -----END PGP SIGNATURE-----
- [lamps] Proposed Re-Chartering Text for CMP updat… Brockhaus, Hendrik
- Re: [lamps] Proposed Re-Chartering Text for CMP u… Panos Kampanakis (pkampana)
- Re: [lamps] Proposed Re-Chartering Text for CMP u… Peylo, Martin (Nokia - FI/Espoo)
- Re: [lamps] Proposed Re-Chartering Text for CMP u… Brockhaus, Hendrik
- Re: [lamps] Proposed Re-Chartering Text for CMP u… Dr. Pala
- Re: [lamps] Proposed Re-Chartering Text for CMP u… Brockhaus, Hendrik
- Re: [lamps] Proposed Re-Chartering Text for CMP u… Panos Kampanakis (pkampana)
- Re: [lamps] Proposed Re-Chartering Text for CMP u… Panos Kampanakis (pkampana)
- Re: [lamps] Proposed Re-Chartering Text for CMP u… Brockhaus, Hendrik
- Re: [lamps] Proposed Re-Chartering Text for CMP u… Brockhaus, Hendrik
- Re: [lamps] Proposed Re-Chartering Text for CMP u… Panos Kampanakis (pkampana)
- Re: [lamps] Proposed Re-Chartering Text for CMP u… Brockhaus, Hendrik
- Re: [lamps] Proposed Re-Chartering Text for CMP u… Brockhaus, Hendrik
- Re: [lamps] Proposed Re-Chartering Text for CMP u… Fries, Steffen
- Re: [lamps] Proposed Re-Chartering Text for CMP u… Brockhaus, Hendrik
- [lamps] Support for working on the lightweight CM… Russ Housley
- Re: [lamps] Support for working on the lightweigh… Tomas Gustavsson
- Re: [lamps] Support for working on the lightweigh… Peylo, Martin (Nokia - FI/Espoo)
- Re: [lamps] Support for working on the lightweigh… Brockhaus, Hendrik
- Re: [lamps] Support for working on the lightweigh… Panos Kampanakis (pkampana)
- Re: [lamps] Support for working on the lightweigh… Michael Richardson
- Re: [lamps] Support for working on the lightweigh… Fries, Steffen
- Re: [lamps] Support for working on the lightweigh… Tomas Gustavsson
- Re: [lamps] Support for working on the lightweigh… Peylo, Martin (Nokia - FI/Espoo)
- Re: [lamps] Support for working on the lightweigh… Michael Richardson
- Re: [lamps] Support for working on the lightweigh… Michael Richardson
- Re: [lamps] Support for working on the lightweigh… Tomas Gustavsson
- [lamps] Interest to standardize PKI REST APIs? Tomas Gustavsson
- Re: [lamps] Support for working on the lightweigh… Brockhaus, Hendrik
- Re: [lamps] Interest to standardize PKI REST APIs? Brockhaus, Hendrik
- Re: [lamps] Interest to standardize PKI REST APIs? Michael Richardson
- Re: [lamps] Interest to standardize PKI REST APIs? Tomas Gustavsson
- Re: [lamps] Interest to standardize PKI REST APIs? Salz, Rich
- Re: [lamps] Interest to standardize PKI REST APIs? Tomas Gustavsson
- Re: [lamps] Interest to standardize PKI REST APIs? Salz, Rich
- Re: [lamps] Interest to standardize PKI REST APIs? Tomas Gustavsson
- Re: [lamps] Interest to standardize PKI REST APIs? Salz, Rich
- Re: [lamps] Interest to standardize PKI REST APIs? Tomas Gustavsson
- Re: [lamps] Interest to standardize PKI REST APIs? Brockhaus, Hendrik
- Re: [lamps] Interest to standardize PKI REST APIs? Tomas Gustavsson
- Re: [lamps] Interest to standardize PKI REST APIs? Brockhaus, Hendrik
- Re: [lamps] Interest to standardize PKI REST APIs? Salz, Rich
- Re: [lamps] Interest to standardize PKI REST APIs? Dr. Pala
- Re: [lamps] Interest to standardize PKI REST APIs? Tomas Gustavsson